"Play Ransomware Using MSPs and N-Days to Attack"
Adlumin security researchers are warning of the Play ransomware group targeting security Managed Service Providers (MSPs) to gain initial access and exploit up to five-year-old security appliance vulnerabilities. According to Kevin O'Connor, director of threat research at Adlumin, it is a clever tactic to attack companies via their security vendor. Cyber defenders find it difficult to detect the attack because it initially masquerades as legitimate administrative access and grants attackers unrestricted access to the target's network and Infomation Technology (IT) assets. According to the security firm, the gang also uses intermittent encryption to avoid triggering defenses that check for entire file modifications. The latest campaign targets the financial, software, legal, and logistics industries in the US, Australia, the UK, and Italy. The Play ransomware group is responsible for cyberattacks on the city of Oakland, the Judiciary of Córdoba in Argentina, and more. TrendMicro reported that the group's activities are similar to those of the ransomware groups Hive and Nokoyawa, indicating a possible affiliation. This article continues to discuss the Play ransomware group's history and most recent campaign.
BankInfoSecurity reports "Play Ransomware Using MSPs and N-Days to Attack"